In this post I will explain how to check if the current user that started the workflow, is in a specific group in SharePoint. This pertains to a SharePoint 2013 workflow using the SharePoint Designer.
The gist of the solution is to use the REST api to get a list of all the users in a SharePoint group. Once the list is retrieved, loop over the results checking to see if the current user matches the user in the results.
The REST API endpoints we will use are the following:
https://sharepointsite/_api/web/SiteGroups/
– REST endpoint to get all the groups on the site
https://sharepointsite/_api/web/SiteGroups/GetByID(ID#)/Users
– REST endpoint to get all the users for a specific group on the site
Steps to Creating the Workflow
First, access the https://sharepointsite/_api/web/SiteGroups/ REST API in a browser and examine the XML output. Find the group that you want to get the members of. Make note of its corresponding ID number.
Create a SharePoint 2013 workflow in SharePoint Designer.
Build a dictionary called RequestHeaders and add the following members to the dictionary:
Name: accept
Value: application/json; odata=verbose
Name: content-type
Value: application/json; odata=verbose
Add a REST call action and specify the URL as [%Workflow Context: Current Site URL %]/_api/web/SiteGroups/GetByID(ID#)/Users
Replace the ID# with the Group ID number we noted.
Set the HTTP Method to Get.
Right click on the REST call action and select Properties. Set the Request Headers field to the workflow variable RequestHeaders that we created earlier. Also, set the ResponseContent to a dictionary variable called ResponseContent.
Create an IF statement where we will check if the responseCode is equal to “OK”.
Inside the IF statement, make a get data from dictionary call. Set the path of the get to d/results from the dictionary called ResponseContent and output the content in a dictionary called ResponseItems.
Next, Count items in ResultItems. Output to NumOfResponseItems.
Create an integer variable called index, and set it to 0.
Create a loop that will loop for the NumOfResponseItems.
Inside the loop, get the value d/result(index)/LoginName and store it in the variable LoginName.
Now check If the variable “WorkflowInitiator” equals the LoginName. If it does set a Boolean variable called IsUserGrantedAccess to Yes.
Finally, increment the index variable by 1, and output the result back into the index.
I used a stage condition where if the IsUserGrantedAccess is equal to yes, then perform the logic of the workflow, otherwise go to a Rejected stage where the Initiator is emailed that they do not have the appropriate access.
The end result should look something like below. I put the whole process into its own stage. In the stage transition I check if the IsUserGrantedAccess variable is set to Yes. If so, move onto whatever task you want the authorized user to perform, otherwise go to a Rejected stage where the Initiator is emailed stating they do not have access to perform the task.
For more information about the groups API, please see Microsoft’s documentation.
https://msdn.microsoft.com/en-us/library/office/dn531432.aspx